What Does Protected Health Information (PHI) Mean?
Protected health information (PHI) was defined by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Among other goals, HIPAA was enacted to protect the privacy of individual patient's information. Pursuant to this act, PHI is any information related to an individual's health. To qualify for the HIPAA's privacy protections, the health information must be linkable to a particular person. This information is referred to as "individually identifiable" health information.
The definition of health information as used in HIPAA is broadly defined. Past, present, or future data regarding the person's physical or mental health are all included. Payments made by individuals to health care providers are included in this definition. However, HIPAA's privacy regulations only apply to information held by covered entities and their business associates or agents. If the information meets all of this criteria, it is considered PHI under federal laws. Other federal and state laws may impose additional privacy restrictions.
